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Amendments to the Claims 

This listing of claims will replace all prior versions, and listings, of claims in the application: 

Listing of claims 

1. (currently amended) A system comprising a trusted computing platform and one or more 
logically protected computing environments, each of which is logically protected computing 
environment being an operating system compartment associated with at least one service or 
process supported by said system, the system being arranged to load an operating system into 
said trusted computing platform and thereafter to load onto said trusted computing platform data 
defining a predetermined security policy defining security attributes to be applied to one or more 
of the at least one service or process when said service or process is started. 

2. (original) A system according to claim 1 wherein the policy included one or more security 
rules for controlling operation of logically protected computing environments. 

3. (previously presented) A system according to claim 2 wherein at least one of the one or more 
security rules is for at least one of the logically protected environments and includes an 
execution control rule which defines the security attributes. 

4. (original) A system according to claim 3, wherein said security attributes include or comprise 
one or more capabilities to be provided to the respective logically protected computing 
environment when said service or process is started. 

5. (original) A system according to claim 3, wherein said security attributes include or comprise 
one or more functions which change or modify the capabilities of the respective logically 
protected computing environment when said service or process is started. 

6. (previously presented) A system according to claim 3, wherein when a service or process is 
started said security attribute operates to cause the service or process to be placed and run in a 
specified logically protected computing environment. 
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7. (original) A system according to claim 3, wherein said security attributes operate to modify a 
user id, a group id or a logically protected computing environment in which a service or process 
is to be run. 

8. (previously presented) A system according to claim 3, wherein said security attributes operate 
to change the root directory of the service or process. 

9. (original) A system according to claim 5, wherein said execution control rule can raise or 
lower a specified capability. 

10. (original) A system according to claim 5, wherein the security attributes operate to filter a set 
of capabilities of a logically protected computing environment and modifying only one or more 
of said capabilities as selected by said filtering means. 

11. (previously presented) A system according to claim 3, wherein said execution control rule 
specifies the service or process to which it applies by identifying the associated logically 
protected computing environment, with the effect that said rule applies only to services or 
processes specifying that logically protected computing environment. 

12. (previously presented) A system according to claim 3, wherein the files making up a service 
or process to which said execution control rule applies are of read-only configuration. 

13. (original) A system according to claim 3, including means for monitoring operations 
performed by the system which modify names of files making up services or programs to which 
said execution control rule applies. 

14. (canceled) 
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15. (currently amended) A method of applying a security policy in a system including a trusted 
computing platform and one or more logically protected computing environments, each of which 
is logically protected computing environment being an operating system compartment associated 
with at least one service or process supported by said system, the method including the steps of 
loading an operating system into said trusted computing platform; after loading the operating 
system, starting a service or process associated with at least one of the logically protected 
computing environments; and controlling the operation of the at least one logically protected 
environment by applying, upon starting of the service or process, security attributes to the service 
or process. 

16. (original) A method according to claim 15 wherein the attributes are defined by execution 
control rules, which are included in security rules implementing at least part of the policy. 

17. (canceled) 

***** 
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